5 Oct 2010

Openfire + MySQL + Active Directory (English)

Openfire Hybrid Authentication 

I advise you to back up your configuration before proceeding. You can follow this guide.


Why would I want to do this? Because I don't want to spend on CALs for Active Directory users.

My working environment is:
  • CentOS 5.4 or Debian 5
  • Windows 2003 Active Directory
  • MySQL 5
  • Openfire 3.7.0-beta
Note: I assume that you have an Openfire server configured to store all data in a MySQL server and authenticate users from Active Directory. If you don't, try this guide for MySQL and try this one for Active Directory. I also have a complete guide that describes the process step by step, written in Spanish.


1. Log in to the Openfire Admin Console and edit the System Properties
  • Select Server > System Properties

  • Change the following properties to the indicated values

    Property                   Value
    provider.auth.className    org.jivesoftware.openfire.auth.HybridAuthProvider
    provider.user.className    org.jivesoftware.openfire.user.HybridUserProvider

  • Add the following properties with the indicated values

    Property                                        Value
    hybridAuthProvider.primaryProvider              org.jivesoftware.openfire.auth.DefaultAuthProvider
    hybridAuthProvider.primaryProvider.className    org.jivesoftware.openfire.auth.DefaultAuthProvider
    hybridAuthProvider.secondaryProvider            org.jivesoftware.openfire.ldap.LdapAuthProvider
    hybridAuthProvider.secondaryProvider.className  org.jivesoftware.openfire.ldap.LdapAuthProvider



2. Add the following lines to /opt/openfire/conf/openfire.xml before </jive>.

    <hybridUserProvider>
        <secondaryProvider>
            <className>org.jivesoftware.openfire.ldap.LdapUserProvider</className>
        </secondaryProvider>
        <primaryProvider>
            <className>org.jivesoftware.openfire.user.DefaultUserProvider</className>
        </primaryProvider>
    </hybridUserProvider>

 



3. Restart Openfire and test

root@linux# service openfire restart

User accounts can be created in MySQL or Active Directory:

  • MySQL: Users/Groups tab in the Openfire Admin Console 
  • Active Directory: Active Directory Users and Computers in the Domain Controller
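
A check for the step 2 edit that can be run before the restart in step 3, as an added example that is not part of the original guide or of Openfire: it parses the contents of openfire.xml and confirms that exactly one <hybridUserProvider> block sits directly under <jive> with the class names listed in step 2. The function name and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Class names taken from step 2 of this guide.
EXPECTED = {
    "primaryProvider": "org.jivesoftware.openfire.user.DefaultUserProvider",
    "secondaryProvider": "org.jivesoftware.openfire.ldap.LdapUserProvider",
}

def check_hybrid_user_provider(xml_text):
    """Return a list of problems; an empty list means the block matches step 2."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical cause: the block was pasted after </jive> or a tag was left open.
        return [f"openfire.xml is not well-formed: {exc}"]
    if root.tag != "jive":
        return [f"root element is <{root.tag}>, expected <jive>"]
    blocks = root.findall("hybridUserProvider")  # direct children of <jive> only
    if len(blocks) != 1:
        nested = len(root.findall(".//hybridUserProvider")) - len(blocks)
        return [f"expected one <hybridUserProvider> directly under <jive>, "
                f"found {len(blocks)} ({nested} nested elsewhere)"]
    problems = []
    for slot, wanted in EXPECTED.items():
        found = blocks[0].findtext(f"{slot}/className")
        if found is None:
            problems.append(f"<{slot}><className> is missing")
        elif found.strip() != wanted:
            problems.append(f"<{slot}> is {found.strip()!r}, expected {wanted!r}")
    return problems

# Constructed sample inputs (not a real server's file).
GOOD = """<jive>
  <hybridUserProvider>
    <secondaryProvider>
      <className>org.jivesoftware.openfire.ldap.LdapUserProvider</className>
    </secondaryProvider>
    <primaryProvider>
      <className>org.jivesoftware.openfire.user.DefaultUserProvider</className>
    </primaryProvider>
  </hybridUserProvider>
</jive>"""
# Same block pasted after </jive>: two root elements, so the file no longer parses.
MISPLACED = "<jive></jive>\n<hybridUserProvider></hybridUserProvider>"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISPLACED", MISPLACED)):
        print(name, check_hybrid_user_provider(text) or "OK")
```

To check the live file, pass the contents of /opt/openfire/conf/openfire.xml to check_hybrid_user_provider().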

1 comment:

Adriana said...

Very thorough guide. I would like more information about the configuration needed when using LDAP rather than Active Directory. Thank you for your help.